Tycoon Talk
Become a Big fish!
The number 1 forum for online business!
Post topics, ask questions, share your knowledge.
Tycoon Talk is part of Freelancer.com - find skilled workers online at a fraction of the cost.

The Database Forum


You are currently viewing our The Database Forum as a guest. Please register to participate.
Login


Tycoon Talk > Web Administration Support > The Database Forum > how to stop somebody deleting your database!

Reply
how to stop somebody deleting your database!
Old 02-15-2006, 02:41 PM how to stop somebody deleting your database!
Novice Talker

Posts: 8
Trades: 0
Talkupation: Metalmikey666 is on a distinguished road
Hi all again,

I'll be honest, the direction this thread went in;

http://www.webmaster-talk.com/php-fo...tml#post210062

has scared me to death! So a user could type SQL commands into a search-text box and they'd get appended to the resulting SQL query, potentially deleting your whole database!

would it be enough for me to just go through the string checking there are no semicolons?
Metalmikey666 is offline
Reply With Quote
View Public Profile
 
 
Register now for full access!
Old 02-15-2006, 03:03 PM Re: how to stop somebody deleting your database!
chrishirst's Avatar
Missing! presumed drunk.

Latest Blog Post:
A Simple DHTML Tabbed Interface
Posts: 41,528
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
Talkupation: chrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond repute
check for SQL commands as well.
__________________
Chris. ->> Links are advertising NOT optimising!! <<-
A foolish consistency is the hobgoblin of little minds
Thought for today:- I SEO the only industry where all the cowboys are Indians?
chrishirst is online now
Reply With Quote
View Public Profile Visit chrishirst's homepage!
 
Old 02-16-2006, 07:01 AM Re: how to stop somebody deleting your database!
Minaki's Avatar
Defies a Status

Posts: 1,626
Location: Guildford, UK
Trades: 0
Talkupation: Minaki has a spectacular aura aboutMinaki has a spectacular aura about
Limiting the length of input is also another way. For example, if you have a text field of 15 characters long in your database, truncate any input to 15 characters -before- it hits the database.
__________________
Minaki Serinde MCP
"Wow, Linux is nearly on-par with Windows ME!"

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
Minaki is offline
Reply With Quote
View Public Profile Visit Minaki's homepage!
 
Old 02-16-2006, 11:42 AM Re: how to stop somebody deleting your database!
ibbo's Avatar
Super Spam Talker

Posts: 880
Location: Leeds UK
Trades: 0
Talkupation: ibbo will become famous soon enoughibbo will become famous soon enough
magic quotes, stripslashes are utils in php to prevent sql injections. ASP and .NET should have some similar utils too.

Use them thats what they are around for.

Ibbo
__________________

Please login or register to view this content. Registration is FREE

Please login or register to view this content. Registration is FREE

Please login or register to view this content. Registration is FREE

Please login or register to view this content. Registration is FREE

Linux user #349545 :
(GNU/Linux)iD8DBQBAzWjX+MZAIjBWXGURAmflAKCntuBbuKCWenpm XoA7LNydllVQOwCf
ibbo is offline
Reply With Quote
View Public Profile Visit ibbo's homepage!
 
Old 02-19-2006, 11:53 AM Re: how to stop somebody deleting your database!
Experienced Talker

Posts: 49
Trades: 0
Talkupation: zenanthor is on a distinguished road
Limit the access right to the mysql user account would help.
__________________

Please login or register to view this content. Registration is FREE

Do you got what it takes?
zenanthor is offline
Reply With Quote
View Public Profile
 
Old 03-07-2006, 12:53 PM Re: how to stop somebody deleting your database!
hiptobesquare's Avatar
Extreme Talker

Posts: 186
Location: London UK
Trades: 0
Talkupation: hiptobesquare is on a distinguished road
I had a similar query the other week but nobody answered my post. What zenanthor wrote about permissions reminded me about it. Can someone please read this post and tell me what they think.

http://www.webmaster-talk.com/databa...tick-root.html

Thanks
hiptobesquare is offline
Reply With Quote
View Public Profile
 
Reply     « Reply to how to stop somebody deleting your database!
 
Previous Thread | Next Thread Tycoon Talk > Web Administration Support > The Database Forum > how to stop somebody deleting your database!

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML



Page generated in 0.17689 seconds with 12 queries